PHP-Nuke bb_smilies.php Execute Arbitrary Command

2001-02-23T00:00:00
ID OSVDB:524
Type osvdb
Reporter OSVDB
Modified 2001-02-23T00:00:00

Description

Vulnerability Description

PHP-Nuke contains a flaw that allows a remote attacker to read arbitrary files or execute arbitrary commands. The issue is due to the bb_smilies.php not sanitizing input passed to the $user variable. By altering values for this variable, an attacker could execute SQL queries to change user settings and gain administrative privileges.

Solution Description

Upgrade to version 4.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP-Nuke contains a flaw that allows a remote attacker to read arbitrary files or execute arbitrary commands. The issue is due to the bb_smilies.php not sanitizing input passed to the $user variable. By altering values for this variable, an attacker could execute SQL queries to change user settings and gain administrative privileges.

Manual Testing Notes

http://[victim]/phpBB/bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK

References:

Vendor Specific Solution URL: http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1 Snort Signature ID: 1774 Related OSVDB ID: 3412 Other Advisory URL: http://www.securiteam.com/securitynews/Serious_security_hole_in_PHP-Nuke__bb_smilies_.html Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html Nessus Plugin ID:10630 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html ISS X-Force ID: 6183 CVE-2001-0320 CVE-2001-0001 Bugtraq ID: 2422